From owner-freebsd-security Thu Sep 16 18:28:23 1999 Delivered-To: freebsd-security@freebsd.org Received: from smtp2.andrew.cmu.edu (SMTP2.ANDREW.CMU.EDU [128.2.10.82]) by hub.freebsd.org (Postfix) with ESMTP id 1806814D6A for ; Thu, 16 Sep 1999 18:28:20 -0700 (PDT) (envelope-from Harry_M_Leitzell@cmu.edu) Received: from unix8.andrew.cmu.edu (UNIX8.ANDREW.CMU.EDU [128.2.15.12]) by smtp2.andrew.cmu.edu (8.9.3/8.9.3) with SMTP id VAA16502; Thu, 16 Sep 1999 21:28:12 -0400 (EDT) Date: Thu, 16 Sep 1999 21:28:11 -0400 (EDT) From: "Harry M. Leitzell" X-Sender: Harry_M_Leitzell@unix8.andrew.cmu.edu To: Brett Glass Cc: Liam Slusser , Kenny Drobnack , security@FreeBSD.ORG Subject: Re: BPF on in 3.3-RC GENERIC kernel In-Reply-To: <4.2.0.58.19990916185341.00aaf100@localhost> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org No offense, but tripwire is really a bit overrated except if the person is a script child and hasn't a clue as to what to do. If tripwire hasn't been set up with the db set on a readonly disk partition and you gain root, you can set up a KLM to change the db on the fly. On Thu, 16 Sep 1999, Brett Glass wrote: > At 04:14 PM 9/16/99 -0700, Liam Slusser wrote: > > >Right...but if the system was hacked what would stop the hacker from > >building BPF in a kernel? > > securelevel=2 or securelevel=3. > > Or Tripwire. > > --Brett > > > [-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-] Harry M. Leitzell - Harry_M_Leitzell@cmu.edu Carnegie Mellon University Finger for PGP Public Key [-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message